Summary: | <www-apps/viewvc-1.1.11: Denial of Service Vulnerability (CVE-2009-5024) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | alexanderyt, web-apps |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | http://viewvc.tigris.org/source/browse/*checkout*/viewvc/tags/1.1.11/CHANGES | | |
Whiteboard: | B3 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2011-05-28 18:52:25 UTC
Tested on x86, looks good over here.

amd64 ok

x86 stable, thanks Andreas

amd64 done. Thanks Agostino

sparc keyword dropped

Thanks, folks. GLSA Vote: yes.

CVE-2009-5024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-5024): ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb row_limit configuration setting, and consequently conduct resource-consumption attacks, via the limit parameter, as demonstrated by a "query revision history" request.

Vote: NO.

no too, and closing.